How to enforce DH field size in the client?

Hi Everyone,

Based on the docs for SSL_CTX_set_tmp_dh_callback(3), the callback is
supposed to be invoked for DH parameter selection. The docs also
avoid/fail to state it's a server-only feature, so it's not clear to me
if the client is able to use it.

It appears SSL_CTX_set_tmp_dh_callback and/or SSL_set_tmp_dh_callback
are not invoked at the client when the temporary public key is
selected, so there does not appear to be a way to query the field size
and fail the connection.

Are clients supposed to be informed of DH parameter selection via
SSL_CTX_set_tmp_dh_callback and/or SSL_set_tmp_dh_callback? Or is
there another method available?

At the client, how do we enforce minimum Diffie-Hellman field sizes?

Jeff
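
The check the post asks for, shown on the wire format rather than through any OpenSSL hook: an added example, not part of the original message and not OpenSSL code. It assumes the TLS 1.2 ServerDHParams layout (dh_p, dh_g, dh_Ys, each a 2-byte length followed by data); all function names are hypothetical and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read one TLS opaque<1..2^16-1> vector: 2-byte big-endian length, then data. */
static int read_vec16(const uint8_t **cur, const uint8_t *end,
                      const uint8_t **out, size_t *out_len) {
    if (end - *cur < 2) return -1;
    size_t n = ((size_t)(*cur)[0] << 8) | (*cur)[1];
    *cur += 2;
    if (n == 0 || (size_t)(end - *cur) < n) return -1;  /* empty or truncated */
    *out = *cur; *out_len = n; *cur += n;
    return 0;
}

/* Bit length of dh_p in a ServerDHParams body, or -1 if it is malformed. */
int server_dh_prime_bits(const uint8_t *msg, size_t len) {
    const uint8_t *cur = msg, *end = msg + len, *p, *skip;
    size_t p_len, skip_len;
    if (read_vec16(&cur, end, &p, &p_len) ||        /* dh_p  */
        read_vec16(&cur, end, &skip, &skip_len) ||  /* dh_g  */
        read_vec16(&cur, end, &skip, &skip_len))    /* dh_Ys */
        return -1;
    /* Skip leading zero bytes so padding cannot inflate the reported size. */
    while (p_len > 1 && *p == 0) { p++; p_len--; }
    int bits = (int)(p_len - 1) * 8;
    for (uint8_t top = *p; top; top >>= 1) bits++;
    return bits;
}

/* Client policy: 1 to continue the handshake, 0 to abort it. */
int dh_prime_acceptable(const uint8_t *msg, size_t len, int min_bits) {
    return server_dh_prime_bits(msg, len) >= min_bits;
}

/* Constructed sample: p = p_bytes of 0xFF (not a real prime), g = 2, Ys = 5. */
size_t make_sample(uint8_t *buf, size_t p_bytes) {
    size_t i = 0;
    buf[i++] = (uint8_t)(p_bytes >> 8); buf[i++] = (uint8_t)p_bytes;
    memset(buf + i, 0xFF, p_bytes); i += p_bytes;
    buf[i++] = 0; buf[i++] = 1; buf[i++] = 2;   /* dh_g  = {0x02} */
    buf[i++] = 0; buf[i++] = 1; buf[i++] = 5;   /* dh_Ys = {0x05} */
    return i;
}

int main(void) {
    uint8_t buf[600]; size_t n = make_sample(buf, 64);  /* 512-bit group */
    printf("512-bit group vs 2048-bit minimum: %s\n",
           dh_prime_acceptable(buf, n, 2048) ? "accept" : "reject");
    return 0;
}
```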

